Agent Smith Malware Infects 25 Million Android Phones

Never download Android apps from unofficial app stores. Cybersecurity experts issued this warning after 25 million Android phones were reportedly infected by malware called Agent Smith, which replaces installed apps with versions that serve ads.

Google’s operating system has been hit with the most severe threat in recent memory.

According to cybersecurity researchers, over 25 million Android phones have been infected with malware dubbed Agent Smith. Exploiting known weaknesses of the Android operating system, the malware replaces installed apps such as WhatsApp with versions that serve ads.

While the ads may seem harmless, security experts point out that whoever is behind the attack could do worse. Here is why.

Aside from hiding its icon from the launcher, Agent Smith can impersonate any existing popular app on a device. This creates endless ways of hurting a user’s device.

Although Google is reportedly aware of the malware’s existence, the tech giant hasn’t issued a statement yet.

A Widespread Malware Attack

While most of the malware victims – about 15 million – are in India, about 300,000 Android devices in the U.S. were also attacked. In the U.K., 137,000 phones are reportedly infected.

So, how is the malware spreading?

Agent Smith made its way onto users’ phones via 9apps.com, a third-party app store owned by China’s Alibaba.

Here’s the thing: non-Google Play attacks typically focus on developing countries. So, the hacker’s success in the U.S. and the U.K. is one of a kind, which makes it remarkable.

So, how does it work?

How Agent Smith Operates

It begins with users downloading an app from the store – a game or a utility app. Then, the app covertly installs the malware in the guise of a Google updating tool.

The malware remains under the radar, with no icon appearing on the launcher. It then starts to replace legitimate apps such as WhatsApp and Opera browser with evil updates to serve bad ads.

While the ads are not malicious, it’s a typical fraud scheme. With every click on the injected ad, the hacker makes money in an ideal pay-per-click system.

What Can You Do?

According to the head of cyber analysis and response at the cybersecurity agency Check Point, users can uninstall the malware.

Click on the Settings icon on your Android device and scroll down to the apps and notification section. Next, scan through the app info list for Google Updater, Google Installer for U, Google Powers, and Google Installer.

Click on the suspicious app and select “Uninstall.”

A smarter option would be to avoid unofficial Android app stores. But even the Google Play store is not any safer.